If you use Firefox, you should update now to avoid file-stealing exploit


Firefox users should update to 39.0.3 as soon as possible due to a security threat revealed on Thursday.

If you use Firefox, you should update your browser now to patch a flaw in the software that could allow hackers to “search for and upload potentially sensitive” files from your hard drive to their servers.

The security issue only impacts PCs because the flaw relies on an interaction between the browser’s PDF viewer and other features in the browser. Mac and Android users are not impacted.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.” — Daniel Veditz, Mozilla

People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.

The exploit leaves no trace it has been run on the local machine.

A Firefox user alerted Mozilla after discovering the flaw while browsing on a Russian news website.